H-4093: Allow evaluating multiple policies at the same time #6518

Open
wants to merge 3 commits into
base: main

TimDiekmann
Member

🌟 What is the purpose of this PR?

Typically, we need to evaluate more policies to find out if a user is permitted to do a certain action. In particular, when a policy defines a forbid effect, it has to be executed alongside other policies to exclude previously permitted actions.

🔍 What does this change?

  • Move the validation logic into its own module and make it easier to use (remove manual steps required previously)
  • Add a machine principal
  • Fix conversion between Cedar policies and our types (using StaticPolicy instead of Template)
  • Add a PolicySet which can be evaluated in full (which takes into account Forbid as well)

Pre-Merge Checklist 🚀

🚢 Has this modified a publishable library?

This PR:

  • does not modify any publishable blocks or libraries, or modifications do not need publishing

📜 Does this require a change to the docs?

The changes in this PR:

  • are internal and do not require a docs change

🕸️ Does this require a change to the Turbo Graph?

The changes in this PR:

  • do not affect the execution graph
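
The forbid-overrides-permit rule the description refers to, as an added example (not code from this PR or from the cedar-policy crate): a forbid policy only takes effect when it is evaluated in the same set as the permits. All type and function names below are hypothetical and the policies are constructed sample data.

```rust
// Added illustration: every name here is hypothetical, not the PR's
// PolicySet API and not the cedar-policy crate's API.
enum Effect { Permit, Forbid }
#[derive(Debug, PartialEq)]
enum Decision { Allow, Deny }
struct Request<'a> { principal: &'a str, action: &'a str, resource: &'a str }

// `None` in a scope field means "matches any value".
struct Policy<'a> {
    effect: Effect,
    principal: Option<&'a str>,
    action: Option<&'a str>,
    resource: Option<&'a str>,
}

impl Policy<'_> {
    fn matches(&self, r: &Request) -> bool {
        self.principal.map_or(true, |p| p == r.principal)
            && self.action.map_or(true, |a| a == r.action)
            && self.resource.map_or(true, |x| x == r.resource)
    }
}

// Whole-set evaluation: any matching forbid denies; otherwise at least one
// matching permit is required; no matching policy at all is a default deny.
fn evaluate_set(policies: &[Policy], r: &Request) -> Decision {
    let mut permitted = false;
    for p in policies.iter().filter(|p| p.matches(r)) {
        match p.effect {
            Effect::Forbid => return Decision::Deny,
            Effect::Permit => permitted = true,
        }
    }
    if permitted { Decision::Allow } else { Decision::Deny }
}

// Constructed sample: a broad permit plus a narrower forbid.
fn sample_policies() -> Vec<Policy<'static>> {
    vec![
        Policy { effect: Effect::Permit, principal: Some("alice"), action: Some("view"), resource: None },
        Policy { effect: Effect::Forbid, principal: None, action: None, resource: Some("secret-doc") },
    ]
}

fn main() {
    let set = sample_policies();
    let req = Request { principal: "alice", action: "view", resource: "secret-doc" };
    println!("permit only: {:?}", evaluate_set(&set[..1], &req));
    println!("full set:    {:?}", evaluate_set(&set, &req));
}
```

Evaluating only the permit policy allows the request; evaluating the full set denies it.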


codecov bot commented Feb 26, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 20.93%. Comparing base (abffa32) to head (350dd63).
Report is 11 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #6518   +/-   ##
=======================================
  Coverage   20.93%   20.93%           
=======================================
  Files         583      583           
  Lines       20110    20110           
  Branches     3002     3002           
=======================================
  Hits         4210     4210           
  Misses      15843    15843           
  Partials       57       57           
| Flag | Coverage Δ |
| --- | --- |
| apps.hash-ai-worker-ts | 1.30% <ø> (ø) |
| apps.hash-api | 1.13% <ø> (ø) |
| local.hash-backend-utils | 8.81% <ø> (ø) |
| local.hash-graph-sdk | 58.62% <ø> (ø) |
| local.hash-isomorphic-utils | 0.89% <ø> (ø) |
| local.hash-subgraph | 24.54% <ø> (ø) |


Contributor

Benchmark results

@rust/hash-graph-benches – Integrations

representative_read_entity

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/page/v/2 | $$16.3 \mathrm{ms} \pm 213 \mathrm{μs}\left({\color{gray}-2.080 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/book/v/1 | $$17.4 \mathrm{ms} \pm 239 \mathrm{μs}\left({\color{gray}3.63 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/person/v/1 | $$16.9 \mathrm{ms} \pm 217 \mathrm{μs}\left({\color{lightgreen}-26.689 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/organization/v/1 | $$16.4 \mathrm{ms} \pm 181 \mathrm{μs}\left({\color{gray}-0.261 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/block/v/1 | $$16.8 \mathrm{ms} \pm 175 \mathrm{μs}\left({\color{gray}2.86 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/playlist/v/1 | $$17.1 \mathrm{ms} \pm 229 \mathrm{μs}\left({\color{lightgreen}-27.676 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/song/v/1 | $$16.0 \mathrm{ms} \pm 221 \mathrm{μs}\left({\color{gray}4.54 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/uk-address/v/1 | $$16.5 \mathrm{ms} \pm 216 \mathrm{μs}\left({\color{gray}3.97 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | entity type ID: https://blockprotocol.org/@alice/types/entity-type/building/v/1 | $$16.6 \mathrm{ms} \pm 199 \mathrm{μs}\left({\color{gray}-4.257 \mathrm{\%}}\right) $$ | Flame Graph |

scaling_read_entity_complete_zero_depth

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | 10 entities | $$2.26 \mathrm{ms} \pm 26.7 \mathrm{μs}\left({\color{gray}4.55 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 5 entities | $$2.03 \mathrm{ms} \pm 8.07 \mathrm{μs}\left({\color{gray}0.153 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 50 entities | $$4.12 \mathrm{ms} \pm 18.0 \mathrm{μs}\left({\color{gray}-3.929 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 25 entities | $$3.43 \mathrm{ms} \pm 15.0 \mathrm{μs}\left({\color{gray}0.144 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 1 entities | $$2.00 \mathrm{ms} \pm 3.63 \mathrm{μs}\left({\color{gray}0.364 \mathrm{\%}}\right) $$ | Flame Graph |

representative_read_entity_type

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| get_entity_type_by_id | Account ID: d4e16033-c281-4cde-aa35-9085bf2e7579 | $$2.15 \mathrm{ms} \pm 7.89 \mathrm{μs}\left({\color{gray}-0.347 \mathrm{\%}}\right) $$ | Flame Graph |

scaling_read_entity_linkless

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | 10000 entities | $$9.43 \mathrm{ms} \pm 74.2 \mathrm{μs}\left({\color{lightgreen}-33.355 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 100 entities | $$2.10 \mathrm{ms} \pm 4.73 \mathrm{μs}\left({\color{gray}0.542 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 10 entities | $$2.04 \mathrm{ms} \pm 6.10 \mathrm{μs}\left({\color{gray}-1.131 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 1000 entities | $$3.19 \mathrm{ms} \pm 12.9 \mathrm{μs}\left({\color{red}8.36 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 1 entities | $$2.03 \mathrm{ms} \pm 5.06 \mathrm{μs}\left({\color{gray}0.719 \mathrm{\%}}\right) $$ | Flame Graph |

representative_read_multiple_entities

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_property | depths: DT=0, PT=2, ET=2, E=2 | $$52.5 \mathrm{ms} \pm 249 \mathrm{μs}\left({\color{gray}-2.528 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=0, PT=0, ET=0, E=0 | $$38.6 \mathrm{ms} \pm 145 \mathrm{μs}\left({\color{gray}-1.044 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=0, PT=0, ET=0, E=2 | $$43.6 \mathrm{ms} \pm 209 \mathrm{μs}\left({\color{gray}2.13 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=2, PT=2, ET=2, E=2 | $$56.3 \mathrm{ms} \pm 291 \mathrm{μs}\left({\color{gray}-0.457 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=255, PT=255, ET=255, E=255 | $$66.0 \mathrm{ms} \pm 235 \mathrm{μs}\left({\color{gray}-0.329 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_property | depths: DT=0, PT=0, ET=2, E=2 | $$48.6 \mathrm{ms} \pm 313 \mathrm{μs}\left({\color{gray}0.580 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=2, ET=2, E=2 | $$89.1 \mathrm{ms} \pm 375 \mathrm{μs}\left({\color{gray}1.55 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=0, ET=0, E=0 | $$39.2 \mathrm{ms} \pm 203 \mathrm{μs}\left({\color{gray}-1.125 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=0, ET=0, E=2 | $$73.6 \mathrm{ms} \pm 254 \mathrm{μs}\left({\color{gray}-1.897 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=2, PT=2, ET=2, E=2 | $$91.3 \mathrm{ms} \pm 395 \mathrm{μs}\left({\color{gray}0.488 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=255, PT=255, ET=255, E=255 | $$101 \mathrm{ms} \pm 379 \mathrm{μs}\left({\color{gray}1.71 \mathrm{\%}}\right) $$ | Flame Graph |
| link_by_source_by_property | depths: DT=0, PT=0, ET=2, E=2 | $$82.1 \mathrm{ms} \pm 349 \mathrm{μs}\left({\color{gray}-1.857 \mathrm{\%}}\right) $$ | Flame Graph |

scaling_read_entity_complete_one_depth

| Function | Value | Mean | Flame graphs |
| --- | --- | --- | --- |
| entity_by_id | 10 entities | $$32.1 \mathrm{ms} \pm 143 \mathrm{μs}\left({\color{lightgreen}-42.110 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 5 entities | $$27.6 \mathrm{ms} \pm 218 \mathrm{μs}\left({\color{gray}1.06 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 50 entities | $$5.65 \mathrm{s} \pm 289 \mathrm{ms}\left({\color{red}1967 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 25 entities | $$183 \mathrm{ms} \pm 868 \mathrm{μs}\left({\color{gray}2.28 \mathrm{\%}}\right) $$ | Flame Graph |
| entity_by_id | 1 entities | $$21.0 \mathrm{ms} \pm 37.5 \mathrm{μs}\left({\color{gray}-1.669 \mathrm{\%}}\right) $$ | Flame Graph |

Labels
area/libs Relates to first-party libraries/crates/packages (area) type/eng > backend Owned by the @backend team